
ComboFix scan

Gregor77
created

Hello. I have a problem with my laptop. I had eavesdropping on it, and in general it seems to me that there was a break-in through the modem. My modem is a Huawei E173. I had Aero, and some people blocked my access to it, i.e. I couldn't connect. Later I bought a Play starter card and was able to use it. The system has been reinstalled twice. After the first reinstall the Aero internet was terribly sluggish, as if someone had connected to it, only I don't know how. I turned off Bluetooth and Wi-Fi. I scanned with ComboFix and it was better. Later it was reinstalled once more. Scans with ESET and Kaspersky produced results. Last ComboFix scan:


ComboFix 14-08-26.02 - Gregor84 2014-09-01  21:55:03.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1250.48.1045.18.3980.3078 [GMT 2:00]
Uruchomiony z: c:\users\Gregor84\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\programdata\SetStretch.VBS
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((((   Pliki utworzone od 2014-08-01 do 2014-09-01  )))))))))))))))))))))))))))))))
.
.
2014-09-01 20:02 . 2014-09-01 20:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-01 19:44 . 2014-04-16 20:12    5181144    ----a-w-    c:\programdata\cis4508.exe
2014-09-01 17:43 . 2010-11-04 15:52    93696    ----a-w-    c:\windows\system32\drivers\ew_jucdcacm.sys
2014-09-01 17:43 . 2010-10-09 12:49    85504    ----a-w-    c:\windows\system32\drivers\ew_jubusenum.sys
2014-09-01 17:43 . 2010-09-26 16:01    29184    ----a-w-    c:\windows\system32\drivers\ew_juextctrl.sys
2014-09-01 17:43 . 2010-09-26 16:01    55296    ----a-w-    c:\windows\system32\drivers\ew_jucdcecm.sys
2014-09-01 17:43 . 2010-09-03 15:36    196608    ----a-w-    c:\windows\system32\drivers\ew_juwwanecm.sys
2014-09-01 17:43 . 2010-08-31 16:09    256000    ----a-w-    c:\windows\system32\drivers\ewusbnet.sys
2014-09-01 17:43 . 2010-08-07 15:49    121600    ----a-w-    c:\windows\system32\drivers\ewusbmdm.sys
2014-09-01 17:43 . 2010-05-10 12:22    999936    ----a-w-    c:\windows\system32\drivers\mod7700.sys
2014-09-01 17:43 . 2010-03-20 10:06    13952    ----a-w-    c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-09-01 17:43 . 2010-01-18 16:48    32768    ----a-w-    c:\windows\system32\drivers\ewdcsc.sys
2014-09-01 17:43 . 2010-07-27 07:52    117248    ----a-w-    c:\windows\system32\drivers\ew_hwusbdev.sys
2014-09-01 17:43 . 2014-09-01 17:44    --------    d-----w-    c:\program files (x86)\PLAY ONLINE
2014-09-01 17:09 . 2014-05-15 01:02    59424    ----a-w-    c:\windows\system32\wuauclt.exe
2014-09-01 17:09 . 2014-05-14 22:43    3286528    ----a-w-    c:\windows\system32\wuaueng.dll
2014-09-01 17:09 . 2014-05-14 22:43    253440    ----a-w-    c:\windows\system32\WUSettingsProvider.dll
2014-09-01 17:09 . 2014-05-14 22:43    1623040    ----a-w-    c:\windows\system32\wucltux.dll
2014-09-01 17:09 . 2014-05-14 22:42    176640    ----a-w-    c:\windows\system32\storewuauth.dll
2014-09-01 17:08 . 2013-08-16 05:21    49152    ----a-w-    c:\windows\system32\wups2.dll
2014-09-01 11:06 . 2014-09-01 13:46    --------    d-----w-    c:\program files (x86)\Sony Ericsson
2014-09-01 08:17 . 2014-09-01 08:17    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-08-31 19:56 . 2008-03-27 14:51    1490656    ----a-w-    c:\windows\system32\WdfCoInstaller01007.dll
2014-08-31 19:56 . 2008-03-27 14:51    1490656    ----a-w-    c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-08-31 19:53 . 2014-09-01 17:44    --------    d-----w-    c:\programdata\DatacardService
2014-08-31 19:42 . 2014-08-31 19:42    --------    d-----w-    c:\program files\AdTrustMedia
2014-08-31 19:42 . 2014-08-31 19:42    --------    d-----w-    c:\program files (x86)\AdTrustMedia
2014-08-31 19:42 . 2014-08-31 19:42    --------    d-----w-    c:\programdata\Adtrustmedia
2014-08-31 19:13 . 2014-08-31 19:17    --------    d-----w-    c:\users\Gregor84
2014-08-31 19:06 . 2014-08-31 19:06    --------    d--h--r-    c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}]
2013-11-15 12:17    744616    ----a-w-    c:\program files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_PLAY ONLINE"="c:\program files (x86)\PLAY ONLINE\UpdateDog\ouc.exe" [2009-04-14 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PrivDogService"="c:\program files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedadssvc.exe" [2013-11-15 525480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R3 Asus WebStorage Windows Service;Asus WebStorage Windows Service;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe;c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthLEEnum;Sterownik funkcji Bluetooth Low Energy;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S3 IntcDAud;Audio dla wyświetlaczy Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S3 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S3 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-01 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-09-27 07:15    1472512    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-09-27 07:15    1472512    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-09-27 07:15    1472512    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSShellExt64.dll
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - c:\program files (x86)\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
TCP: Interfaces\{2E2D149B-12FE-4E86-B22D-CE61CC577BE3}: NameServer = 89.108.202.21 89.108.195.21
FF - ProfilePath - c:\users\Gregor84\AppData\Roaming\Mozilla\Firefox\Profiles\tmp6sis5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: plugin.state.npcontentblocker - 2
FF - user.js: plugin.state.nponlinebanking - 2
FF - user.js: plugin.state.npvkplugin - 2
FF - user.js: plugin.state.anti_banner_native_proxy - 2
FF - user.js: plugin.state.url_advisor - 2
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Czas ukończenia: 2014-09-01  22:12:57
ComboFix-quarantined-files.txt  2014-09-01 20:12
.
Przed: 163 632 590 848 bytes free
Po: 163 352 895 488 bytes free
.
- - End Of File - - 6800917F7141A9457933069F7C8CC743

I don't really know much about this. I installed Comodo Firewall and now I have Wi-Fi internet. Basically I'd like to be sure that I don't have any eavesdropping or programs that control what I do. Please help.


pawel315
comment

First, post logs from FRST, not from ComboFix.

Gregor77
comment

So I've just done an FRST scan:
